CVE-2025-7931
BaseFortify
Publication date: 2025-07-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| carmelo | church_donation_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7931 is a critical unrestricted file upload vulnerability in the Church Donation System version 1.0, specifically in the /members/admin_pic.php file. The vulnerability occurs because the system does not properly validate uploaded files, allowing attackers to bypass checks on file extensions, MIME types, and content. This flaw enables attackers to upload arbitrary and potentially malicious files, such as webshells, which can lead to unauthorized code execution on the server without requiring authentication. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized remote code execution, unauthorized access to the server, leakage of sensitive data, privilege escalation, tampering with system data, full system compromise, and disruption of services. Since the exploit can be performed remotely without authentication, it poses a significant security risk to the system and its business data, potentially affecting business continuity and system security. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable endpoint "/members/admin_pic.php" on your system or network. Attackers may use Google dorking with the query `inurl:members/admin_pic.php` to find vulnerable targets. To detect exploitation attempts, monitor HTTP POST requests to this endpoint, especially multipart/form-data uploads containing suspicious files such as PHP scripts. You can use network monitoring tools or web server logs to look for such requests. For example, using command-line tools:

1. To search web server logs for POST requests to the vulnerable file: `grep 'POST /members/admin_pic.php' /var/log/apache2/access.log`
2. To detect uploaded PHP files or suspicious file extensions in upload directories: `find /path/to/uploads -type f -name '*.php'` or `grep -r '<?php' /path/to/uploads`
3. Use network traffic analysis tools like tcpdump or Wireshark to capture and inspect HTTP POST traffic targeting the vulnerable URL.

These steps help identify attempts to exploit the unrestricted file upload vulnerability. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Implement strict validation of uploaded files by verifying file types, extensions, and MIME types on both client and server sides to prevent malicious files from being accepted.
2. Perform content inspection to detect disguised malicious files.
3. Store uploaded files outside the web root directory to prevent direct web access and execution.
4. Apply strict file system permissions on upload directories to disable execution rights.
5. Use secure file upload libraries or frameworks that provide robust upload handling and security mechanisms.
6. If possible, replace the affected component or upgrade to a version without this vulnerability.
7. Monitor and restrict access to the vulnerable endpoint and consider disabling or restricting the upload functionality until a secure fix is applied. [3, 2, 1]
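The server-side validation described in the mitigation steps above, and the upload-directory scan suggested under detection, as one added example (not code from the Church Donation System or BaseFortify). It assumes the endpoint is only meant to accept image files, checks the extension allowlist, nested extensions, magic bytes and embedded script markers, and replaces the client's filename with a random server-chosen one; `scan_upload_dir` reruns the same validator over an existing upload directory to find files that should never have been accepted.

```python
import os
import re
import secrets

# Constructed policy for a profile-picture endpoint (assumption: only images are legitimate).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
MAX_BYTES = 2 * 1024 * 1024

# Leading bytes a genuine file of each allowed type must start with.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Server-side script markers that must never appear inside an uploaded "image".
SCRIPT_MARKERS = re.compile(rb"<\?(php|=)|<\?\s|<script\b", re.IGNORECASE)


def validate_image_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason-or-extension); checks name, size, magic bytes and content."""
    parts = os.path.basename(filename).lower().split(".")  # drop any path components
    if len(parts) < 2:
        return False, "missing extension"
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"
    # Reject double extensions such as shell.php.jpg, not just the final one.
    if any(p.startswith("php") or p in {"phtml", "phar"} for p in parts[1:-1]):
        return False, "nested script extension in name"
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match declared image type"
    if SCRIPT_MARKERS.search(data):
        return False, "embedded script marker"
    return True, ext


def stored_name(ext: str) -> str:
    """Random server-chosen name: the client-supplied filename never reaches disk."""
    return f"{secrets.token_hex(16)}.{ext}"


def scan_upload_dir(path: str) -> list[tuple[str, str]]:
    """Re-run the validator over an existing upload directory; returns (path, reason) offenders."""
    findings = []
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                ok, reason = validate_image_upload(name, fh.read())
            if not ok:
                findings.append((full, reason))
    return findings
```

Store accepted files under `stored_name(ext)` in a directory outside the web root with execution disabled, as steps 3 and 4 above require.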